CVE-2025-46310
6.0 MEDIUM
This issue was addressed through improved state management
Published: 2026-02-11 · Last updated: 2026-05-26
Severity and scoring
- CVSS: 6.0 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
- CWE: CWE-269
Affected products
| Vendor | Product |
|---|---|
| apple | macos |
Description
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An attacker with root privileges may be able to delete protected system files.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-46310)
- [Other](https://support.apple.com/en-us/125110)
- [Vendor advisory](https://support.apple.com/en-us/126349)
- [Vendor advisory](https://support.apple.com/en-us/126350)
Related CVEs
Same vendor
- CVE-2025-46315 — A permissions issue was addressed with additional restrictions (7.5 HIGH)
- CVE-2025-46313 — A logging issue was addressed with improved data redaction (5.5 MEDIUM)
- CVE-2025-46308 — An authorization issue was addressed with improved state management (5.3 MEDIUM)
- CVE-2025-46293 — This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
- CVE-2025-43339 — An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)
Same CWE
- CVE-2024-38487 — api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unint... (7.0 HIGH)
- CVE-2026-12313 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-12289 — Privilege escalation in the Graphics: WebRender component (8.8 HIGH)
- CVE-2026-8176 — The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Adminis... (7.5 HIGH)
- CVE-2025-9912 — Nokia SR Linux is vulnerable to a local privilege escalation vulnerability (6.3 MEDIUM)